Workstations and servers include built-in utilities that - in the hands of an attacker - can be used to exploit the device and those around it. General mitigation advice says to limit or monitor use of popular built-in utilities. However, this approach can be untenable at scale, as the list of utilities - and the way they can be leveraged - is infinite and overlapping with common device usage. Instead, a more future-proof solution is to replace the underlying operating system altogether. Instead of servers, use containers. Instead of laptops, use mobile devices or Chromebooks. These devices are “secure by design”, which means the operating system treats security as a leading priority and does not include access to most system utilities.